Cisco ASA
This document provides the steps required to configure the Cisco ASA Inspector.
Quick Details
Recommended Agent: On-Premises
Supported Agents: On-Premises or Self-Managed
Is Auto-Discovered By: N/A
Can Auto-Discover: N/A
Parent/Child Type Inspector: No
Inspection via: SSH
Data Summary: Here
Overview
Inspector Setup Preparation
This is the recommended method of inspecting a Cisco ASA firewall appliance with Liongard.
Cisco ASA Configuration for On-Premises Inspection Requirements
On-Premises Windows Agent
Please follow the instructions to provision an on-premises Windows agent before proceeding.
Install the Windows Agent on a server within the network residing behind the firewall of the Cisco device.
Configuring Management via SSH
You must allow the agent to communicate with the device via SSH. Follow the steps outlined in the Cisco Configuration Guide for your version to set up SSH access.
Note
There are two methods for SSH authentication. Liongard currently only supports the Enable Password method with Username and Password. SSH Private Key and Passphrase Authentication are currently still being developed.
Liongard Inspector Setup
Individual Inspector Setup
In Liongard, navigate to Admin > Inspectors > Inspector Types > Navigate to the Cisco ASA Inspector > Select Add System.
Fill in the following information:
- Environment: Select the Environment this System Inspector should be associated with
- Friendly Name: Suggested "Cisco ASA [Environment Name]"
- Agent: Select the On-premises Agent installed for this Environment
- Inspector Version: Latest
- IP/Hostname: Enter the address used to access the device
- SSH Port: Provide the port that SSH is listening on. Default for SSH is typically 22
- SSH Username: Input the Username configured to authenticate with SSH
If you chose to create an SSH User Account:
- Enable Password: Input the password created during the SSH setup
- SSH Password: Input the password configured in the SSH setup
If you chose to use an SSH Private Key and Passphrase:
- SSH Private Key: Provide the Private Key
- SSH Passphrase for Private Key: (IF CONFIGURED) Provide the Passphrase generated
- Scheduling: The Inspector will default to run once a day at the time the Inspector is set up. Here you can adjust the schedule
Select Save. The Inspector will now be triggered to run within the minute.
Roll out Inspectors en Masse via CSV Import
For more information, please visit our documentation.
To import Cisco ASA Inspectors via CSV Import, navigate to Admin > Inspectors > Cisco ASA > Select the down arrow icon in the top right-hand corner to Download CSV Import Template.
In the CSV Template, each row, starting on row three, will represent an Inspector. Fill in the following information for each Inspector you want to roll out:
- Agent.Name: This column is case sensitive. Copy and paste the associated Agent name from the Admin > Agents screen
- Inspector.Name: Enter "cisco-asa-inspector"
- Environment.Name: This column is case sensitive. Copy and paste the associated Environment name from the Dashboard screen
- Alias: Enter the Desired Friendly Name
- Config.SSH_HOST: Enter the IP address or the hostname used to access the device
- SecureConfig.SSH_PORT: Enter the port that SSH is listening on (default for SSH is typically 22)
- SecureConfig.SSH_USER: Enter the Username configured to authenticate with SSH
- FreqType: Enter "days"
- FreqInterval: Enter "1"
If you chose to create an SSH User Account, leave the SecureConfig.SSH_PRIVATE_KEY and SecureConfig.SSH_PASS_PHRASE columns empty, and fill out the following columns:
- SecureConfig.ASA_PASSWORD: Enter the password configured on the device
- SecureConfig.SSH_PASSWORD: Enter the password configured for the user
If you chose to use an SSH Private Key and Passphrase, leave the SecureConfig.ASA_PASSWORD and SecureConfig.SSH_PASSWORD columns empty, and fill out the following columns:
- SecureConfig.SSH_PRIVATE_KEY: Enter the Private Key
- SecureConfig.SSH_PASS_PHRASE: Enter the Passphrase generated
When ready to import the CSV Template of Inspectors, navigate to Admin > Inspectors > Cisco ASA > Select the up arrow icon in the top right-hand corner to Import CSV > Select your saved template.
After the successful import notification, reload your browser to find your imported Inspectors.
These Inspectors will automatically trigger themselves to run within a minute.
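A pre-import check of a filled-in template against the column rules above, as an added example (not Liongard's own tooling). It assumes row one of the template carries the column names exactly as listed above and that row two is not an Inspector row; the sample rows, addresses and credentials are constructed.

```python
import csv
import io

REQUIRED = ["Agent.Name", "Inspector.Name", "Environment.Name", "Alias",
            "Config.SSH_HOST", "SecureConfig.SSH_PORT", "SecureConfig.SSH_USER",
            "FreqType", "FreqInterval"]
PASSWORD_COLS = ["SecureConfig.ASA_PASSWORD", "SecureConfig.SSH_PASSWORD"]
KEY_COLS = ["SecureConfig.SSH_PRIVATE_KEY", "SecureConfig.SSH_PASS_PHRASE"]
COLUMNS = REQUIRED + PASSWORD_COLS + KEY_COLS

def check_row(cells):
    """Return the problems found in one Inspector row (dict of column -> cell)."""
    row = {c: cells.get(c, "").strip() for c in COLUMNS}
    problems = [f"{c} is empty" for c in REQUIRED if not row[c]]
    if row["Inspector.Name"] not in ("", "cisco-asa-inspector"):
        problems.append('Inspector.Name must be "cisco-asa-inspector"')
    port = row["SecureConfig.SSH_PORT"]
    if port and not (port.isdecimal() and 1 <= int(port) <= 65535):
        problems.append(f"SecureConfig.SSH_PORT {port!r} is not a TCP port")
    pw = [bool(row[c]) for c in PASSWORD_COLS]
    key = [bool(row[c]) for c in KEY_COLS]
    if any(pw) and any(key):  # the two credential sets are mutually exclusive
        problems.append("password and private-key columns are both filled in")
    elif not (all(pw) or key[0]):  # the passphrase alone is not a credential
        problems.append("fill both password columns, or SSH_PRIVATE_KEY")
    return problems

def check_template(text):
    """Map spreadsheet row number -> problems, for rows three onward."""
    rows = list(csv.reader(io.StringIO(text)))
    report = {}
    for number, cells in enumerate(rows[2:], start=3):  # rows one and two skipped
        found = check_row(dict(zip(rows[0], cells))) if any(cells) else []
        if found:
            report[number] = found
    return report

# Constructed sample: column names, an empty second row, three Inspector rows.
SAMPLE = "\n".join(",".join(r) for r in [
    COLUMNS, [""] * len(COLUMNS),
    ["Agent-01", "cisco-asa-inspector", "Acme", "Cisco ASA Acme", "192.0.2.1",
     "22", "liongard", "days", "1", "example-enable", "example-ssh", "", ""],
    ["Agent-01", "cisco-asa-inspector", "Acme", "Cisco ASA Lab", "192.0.2.2",
     "22", "liongard", "days", "1", "example-enable", "example-ssh", "KEY", ""],
    ["Agent-01", "Cisco ASA", "Acme", "Cisco ASA DR", "192.0.2.3",
     "70000", "liongard", "days", "1", "example-enable", "", "", ""],
])

if __name__ == "__main__":
    print(check_template(SAMPLE))
```

Because the filled-in template holds device credentials in plain text, run the check locally and delete the file once the import has succeeded.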
Optional: Turn on Flexible Asset/Configuration Auto-Updating
If you would like this Inspector's data to be sent to ConnectWise and/or IT Glue, turn on Flexible Assets/Configurations for this Inspector:
- ConnectWise: Admin > Integrations > ConnectWise > Configuration Types > Confirm the "Configuration Auto-Updating" toggle is enabled
- IT Glue: Admin > Integrations > IT Glue > Flexible Assets > Confirm the "Flexible Asset Auto-Updating" toggle is enabled
Inspector Fails with Security Error
If the Inspector generates a security error when it runs, you may need to accept the RSA key on the server with which you are connecting.
You can do this with PuTTY: when you connect, you will have the opportunity to add the key to the server's cache.